SlideShare a Scribd company logo
1 of 22
Docker Multi Host Networking
Rachit Arora , IBM
BigInsights on Cloud
Agenda

Docker networking – overview

Native Multi Host networking (Experimental)

Software defined networks SDNs

Multi Host networking options
− OpenVSwtich
− Weave
− Flannel , SocketPlane Etc..
Goals

Make "network" a first class object

Provide a Pluggable networking stack

Span networks across multiple hosts

Support multiple platforms
libnetwork
Updated Networking Stack in Docker
Create Networks using the Docker CLI
Multi-host Networking
Services UI
SDNs value proposal
SDNs proposes network solutions embracing cloud paradigms

Massively multi-tenant

Thousands tenants, massively scalable

Easy & fast (de)provisioning

Infra as code, API centric

Infrastructure agnostic

L3, does not stick with lower levels (physical designs, vlans & co)

Decouple infrastructure & tenants lifecycles

Cross technology, vendor agnostic

Full-mesh, network agnostic and encapsulated approach

Relies on L3 networks and GRE, VXLAN… tunnels for inter-hosts communication (avoid using L2)

Network agnostic, til hosts can route trafic

SDN Routers must route traffic between an inner virtual net and the ext. world
SDN Properties
Host #3
Host #1
Host #2
SDN
network #1
SDN
network #1
SDN
network #1
SDN
network #1
SDN
network #1
Router
Physical net.
Flow encapsulation
L3 network
OpenVSwtich

Open vSwitch is a production quality, multilayer virtual switch
licensed under the open source Apache 2.0 license.

It is designed to enable massive network automation through
programmatic extension, while still supporting standard
management interfaces and protocols (e.g. NetFlow, sFlow,
IPFIX, RSPAN, CLI, LACP, 802.1ag).

In addition, it is designed to support distribution across multiple
physical servers similar to VMware's vNetwork distributed
vswitch
Host #1 Host #3Host #2
Getting Started
Container ‘app’
Container ‘db’
Bridgedocker0
Container ‘app’
Container ‘db’
Bridgedocker0
Container ‘app’
Container ‘db’
Container ‘app’
Bridgedocker0
Container ‘app’
TCP ports of
services running
in containers are
mapped

Get rid of actual Docker bridges implementation ! (Turn ICC False)

If not, all containers will talk together across a same host
SetUp - OVS

Setup Dev Tools
− yum -y groupinstall "Development Tools"
− yum -y install wget openssl-devel
− yum -y install wget openssl-devel gcc make python-devel openssl-devel kernel-devel graphviz kernel-debug-
devel autoconf automake rpm-build redhat-rpm-config libtool

Set up Bridge Utils
− yum -y install bridge-utils

Prepare OVS rpm
− cd ~
− mkdir -p rpmbuild/SOURCES
− wget http://openvswitch.org/releases/openvswitch-2.3.1.tar.gz
− tar xvfz openvswitch-2.3.1.tar.gz
− cd openvswitch-2.3.1/
− cp ../openvswitch-2.3.1.tar.gz ~/rpmbuild/SOURCES/
− sed 's/openvswitch-kmod, //g' openvswitch-2.3.1/rhel/openvswitch.spec > openvswitch-
2.3.1/rhel/openvswitch_no_kmod.spec
− rpmbuild -bb --nocheck ~/openvswitch-2.3.1/rhel/openvswitch_no_kmod.spec

You can find the files in ~/rpmbuild/RPMS/x86_64/.

yum -y localinstall openvswitch-2.3.1-1.x86_64.rpm

Use OpenVSwitch to create bridges on each host, for each tenant’s subnet. For
instance, on host #1:
»
ovs-vsctl add-br tech-br
»
ovs-vsctl add-port tech-br tep0 -- set interface tep0 type=internal
»
ifconfig tep0 192.168.1.1 netmask 255.255.255.0
»
ovs-vsctl add-br sdn-br0
»
ovs-vsctl set bridge sdn-br0 stp_enable=true
Create SDN compliant bridges
Host #1
sdn-br0
Host #3
sdn-br0
sdn-br1
Host #2
sdn-br0
sdn-br1
Simplified view. Detailed insight exposed in later slides
Once per host: common plumbing
For each bridge: create and protect
against ethernet loops using
Spanning Tree Protocol (beware, in
complex/large deployments, it may
consumes a lot of CPU!)
Link SDN bridges
Host #1
sdn-br0
Host #3
sdn-br0
sdn-br1
Host #2
sdn-br0
sdn-br1

Use OpenVSwitch to link corresponding bridges accross hosts

In this example, we decided to use the full-mesh approach. On host #1:

ovs-vsctl add-port sdn-br0 gre0 --set interface gre0 type=gre options:remote_ip:1.2.3.2

ovs-vsctl add-port sdn-br0 gre1 --set interface gre1 type=gre options:remote_ip:1.2.3.3
gre0
gre1
1.2.3.1 1.2.3.2 1.2.3.3
Simplified view. Detailed insight exposed in later slides
U
Start containers and map them to the bridges
Host #1
sdn-br0
Host #3
sdn-br0
sdn-br1
Host #2
sdn-br0
sdn-br1
Container ‘app’
Container ‘db’
Container ‘app’
Container ‘db’
Container ‘app’
Container ‘app’
Container ‘db’
Container ‘app’
Container ‘db’

Instanciate containers without pre-built interfaces to avoid
plugging containers to native docker0 bridge

Use “docker run … ip = ?? -net=none” switch in “docker run” calls
Weave
Weave

Weave can traverse firewalls and operate in partially connected
networks.

Traffic can be encrypted, allowing hosts to be connected across
an untrusted network.

With weave you can easily construct applications consisting of
multiple containers, running anywhere.

Weave works alongside Docker's existing (single host)
networking capabilities, so these can continue to be used by
containers.
Weave Installation
Ensure you are running Linux (kernel 3.8 or later) and have
Docker (version 1.3.1 or later) installed
Weave Setup
Performance Comparison – self test

Used qperf to test performance

Physical Host
− tcp_bw:
− bw = 117 MB/sec

OVS with gre tunnel (Default)
− tcp_bw:
− bw = 81.9 KB/sec

OVS with gre tunnel (ethtool -K ovsBridge tx off sg off tso off) ( technique for increasing
outbound throughput of high-bandwidth network connections by reducing CPU overhead , not
recommended for production)
− tcp_bw:
− bw = 104 MB/sec

Weave(Latest version) based on VXLAN (Older versions based on pcap had lower
performance)
− tcp_bw:
− bw = 92.3 MB/sec
Bonus: Alternate design - OpenStack Neutron paradigms

Alternate design, based on OpenStack Neutron paradigms

All VMs/containers of a same tenant network are segregated
inside a dedicated, local VLAN of a shared unique bridge

Full-mesh of GRE tunnels between all hosts

On each host, local mapping between a local tenant network
VLAN and its GRE identifier shared across all hosts

More Related Content

What's hot

Docker Networking : 0 to 60mph slides
Docker Networking : 0 to 60mph slidesDocker Networking : 0 to 60mph slides
Docker Networking : 0 to 60mph slidesDocker, Inc.
 
Unikernels: the rise of the library hypervisor in MirageOS
Unikernels: the rise of the library hypervisor in MirageOSUnikernels: the rise of the library hypervisor in MirageOS
Unikernels: the rise of the library hypervisor in MirageOSDocker, Inc.
 
Kubernetes Networking - Giragadurai Vallirajan
Kubernetes Networking - Giragadurai VallirajanKubernetes Networking - Giragadurai Vallirajan
Kubernetes Networking - Giragadurai VallirajanNeependra Khare
 
Docker Networking - Current Status and goals of Experimental Networking
Docker Networking - Current Status and goals of Experimental NetworkingDocker Networking - Current Status and goals of Experimental Networking
Docker Networking - Current Status and goals of Experimental NetworkingSreenivas Makam
 
Docker summit : Docker Networking Control-plane & Data-Plane
Docker summit : Docker Networking Control-plane & Data-PlaneDocker summit : Docker Networking Control-plane & Data-Plane
Docker summit : Docker Networking Control-plane & Data-PlaneMadhu Venugopal
 
What's New in Docker 1.12 (June 20, 2016) by Mike Goelzer & Andrea Luzzardi
What's New in Docker 1.12 (June 20, 2016) by Mike Goelzer & Andrea LuzzardiWhat's New in Docker 1.12 (June 20, 2016) by Mike Goelzer & Andrea Luzzardi
What's New in Docker 1.12 (June 20, 2016) by Mike Goelzer & Andrea LuzzardiMike Goelzer
 
Docker Networking with Container Orchestration Engines [Docker Meetup Santa C...
Docker Networking with Container Orchestration Engines [Docker Meetup Santa C...Docker Networking with Container Orchestration Engines [Docker Meetup Santa C...
Docker Networking with Container Orchestration Engines [Docker Meetup Santa C...Debra Robertson
 
Kubernetes Networking
Kubernetes NetworkingKubernetes Networking
Kubernetes NetworkingCJ Cullen
 
Docker networking Tutorial 101
Docker networking Tutorial 101Docker networking Tutorial 101
Docker networking Tutorial 101LorisPack Project
 
Docker Networking Tip - Load balancing options
Docker Networking Tip - Load balancing optionsDocker Networking Tip - Load balancing options
Docker Networking Tip - Load balancing optionsSreenivas Makam
 
Docker 1.11 @ Docker SF Meetup
Docker 1.11 @ Docker SF MeetupDocker 1.11 @ Docker SF Meetup
Docker 1.11 @ Docker SF MeetupDocker, Inc.
 
DockerCon US 2016 - Docker Networking deep dive
DockerCon US 2016 - Docker Networking deep diveDockerCon US 2016 - Docker Networking deep dive
DockerCon US 2016 - Docker Networking deep diveMadhu Venugopal
 
Driving containerd operations with gRPC
Driving containerd operations with gRPCDriving containerd operations with gRPC
Driving containerd operations with gRPCDocker, Inc.
 
Docker Orchestration at Production Scale
Docker Orchestration at Production Scale Docker Orchestration at Production Scale
Docker Orchestration at Production Scale Docker, Inc.
 
Docker Networking Overview
Docker Networking OverviewDocker Networking Overview
Docker Networking OverviewSreenivas Makam
 
Docker Online Meetup #28: Production-Ready Docker Swarm
Docker Online Meetup #28: Production-Ready Docker SwarmDocker Online Meetup #28: Production-Ready Docker Swarm
Docker Online Meetup #28: Production-Ready Docker SwarmDocker, Inc.
 
Network plugins for kubernetes
Network plugins for kubernetesNetwork plugins for kubernetes
Network plugins for kubernetesinwin stack
 
Container Orchestration Integration: OpenStack Kuryr
Container Orchestration Integration: OpenStack KuryrContainer Orchestration Integration: OpenStack Kuryr
Container Orchestration Integration: OpenStack KuryrTaku Fukushima
 

What's hot (20)

Docker Networking : 0 to 60mph slides
Docker Networking : 0 to 60mph slidesDocker Networking : 0 to 60mph slides
Docker Networking : 0 to 60mph slides
 
Unikernels: the rise of the library hypervisor in MirageOS
Unikernels: the rise of the library hypervisor in MirageOSUnikernels: the rise of the library hypervisor in MirageOS
Unikernels: the rise of the library hypervisor in MirageOS
 
Kubernetes Networking - Giragadurai Vallirajan
Kubernetes Networking - Giragadurai VallirajanKubernetes Networking - Giragadurai Vallirajan
Kubernetes Networking - Giragadurai Vallirajan
 
Docker Networking - Current Status and goals of Experimental Networking
Docker Networking - Current Status and goals of Experimental NetworkingDocker Networking - Current Status and goals of Experimental Networking
Docker Networking - Current Status and goals of Experimental Networking
 
Docker summit : Docker Networking Control-plane & Data-Plane
Docker summit : Docker Networking Control-plane & Data-PlaneDocker summit : Docker Networking Control-plane & Data-Plane
Docker summit : Docker Networking Control-plane & Data-Plane
 
What's New in Docker 1.12 (June 20, 2016) by Mike Goelzer & Andrea Luzzardi
What's New in Docker 1.12 (June 20, 2016) by Mike Goelzer & Andrea LuzzardiWhat's New in Docker 1.12 (June 20, 2016) by Mike Goelzer & Andrea Luzzardi
What's New in Docker 1.12 (June 20, 2016) by Mike Goelzer & Andrea Luzzardi
 
Docker Networking with Container Orchestration Engines [Docker Meetup Santa C...
Docker Networking with Container Orchestration Engines [Docker Meetup Santa C...Docker Networking with Container Orchestration Engines [Docker Meetup Santa C...
Docker Networking with Container Orchestration Engines [Docker Meetup Santa C...
 
Kubernetes Networking
Kubernetes NetworkingKubernetes Networking
Kubernetes Networking
 
Docker networking Tutorial 101
Docker networking Tutorial 101Docker networking Tutorial 101
Docker networking Tutorial 101
 
What's New in Docker 1.12?
What's New in Docker 1.12?What's New in Docker 1.12?
What's New in Docker 1.12?
 
Docker Networking Tip - Load balancing options
Docker Networking Tip - Load balancing optionsDocker Networking Tip - Load balancing options
Docker Networking Tip - Load balancing options
 
Docker 1.11 @ Docker SF Meetup
Docker 1.11 @ Docker SF MeetupDocker 1.11 @ Docker SF Meetup
Docker 1.11 @ Docker SF Meetup
 
DockerCon US 2016 - Docker Networking deep dive
DockerCon US 2016 - Docker Networking deep diveDockerCon US 2016 - Docker Networking deep dive
DockerCon US 2016 - Docker Networking deep dive
 
Driving containerd operations with gRPC
Driving containerd operations with gRPCDriving containerd operations with gRPC
Driving containerd operations with gRPC
 
Docker Orchestration at Production Scale
Docker Orchestration at Production Scale Docker Orchestration at Production Scale
Docker Orchestration at Production Scale
 
Docker Networking Overview
Docker Networking OverviewDocker Networking Overview
Docker Networking Overview
 
Project Atomic-Nulecule
Project Atomic-NuleculeProject Atomic-Nulecule
Project Atomic-Nulecule
 
Docker Online Meetup #28: Production-Ready Docker Swarm
Docker Online Meetup #28: Production-Ready Docker SwarmDocker Online Meetup #28: Production-Ready Docker Swarm
Docker Online Meetup #28: Production-Ready Docker Swarm
 
Network plugins for kubernetes
Network plugins for kubernetesNetwork plugins for kubernetes
Network plugins for kubernetes
 
Container Orchestration Integration: OpenStack Kuryr
Container Orchestration Integration: OpenStack KuryrContainer Orchestration Integration: OpenStack Kuryr
Container Orchestration Integration: OpenStack Kuryr
 

Viewers also liked

Multi host networking with docker
Multi host networking with dockerMulti host networking with docker
Multi host networking with dockerMyoungSu Shin
 
Docker Networking & Swarm Mode Introduction
Docker Networking & Swarm Mode IntroductionDocker Networking & Swarm Mode Introduction
Docker Networking & Swarm Mode IntroductionPhi Huynh
 
Docker Networking Deep Dive
Docker Networking Deep DiveDocker Networking Deep Dive
Docker Networking Deep DiveDocker, Inc.
 
Docker networking basics & coupling with Software Defined Networks
Docker networking basics & coupling with Software Defined NetworksDocker networking basics & coupling with Software Defined Networks
Docker networking basics & coupling with Software Defined NetworksAdrien Blind
 
Joomla Day Poland 15 - Docker
Joomla Day Poland 15 - DockerJoomla Day Poland 15 - Docker
Joomla Day Poland 15 - DockerLukas Lesniewski
 
Docker Networking - Boulder Linux Users Group (BLUG)
Docker Networking - Boulder Linux Users Group (BLUG)Docker Networking - Boulder Linux Users Group (BLUG)
Docker Networking - Boulder Linux Users Group (BLUG)Dan Mackin
 
Atlassian User Group Lower Silesia BUILDFAILUJE? PRZECIEŻ U MNIE DZIAŁAŁO
Atlassian User Group Lower Silesia BUILDFAILUJE? PRZECIEŻ U MNIE DZIAŁAŁOAtlassian User Group Lower Silesia BUILDFAILUJE? PRZECIEŻ U MNIE DZIAŁAŁO
Atlassian User Group Lower Silesia BUILDFAILUJE? PRZECIEŻ U MNIE DZIAŁAŁONetworkedAssets
 
Networking in Docker Containers
Networking in Docker ContainersNetworking in Docker Containers
Networking in Docker ContainersAttila Kanto
 
Docker meetup
Docker meetupDocker meetup
Docker meetupsyed1
 
Lessons learned in reaching multi-host container networking
Lessons learned in reaching multi-host container networkingLessons learned in reaching multi-host container networking
Lessons learned in reaching multi-host container networkingTony Georgiev
 
Single Host Docker Networking
Single Host Docker NetworkingSingle Host Docker Networking
Single Host Docker Networkingallingeek
 
#eventcepcja Networking Izabela Górska (Business Link Warszawa)
#eventcepcja Networking Izabela Górska (Business Link Warszawa)#eventcepcja Networking Izabela Górska (Business Link Warszawa)
#eventcepcja Networking Izabela Górska (Business Link Warszawa)Edyta Kowal
 
docker-machine, docker-compose, docker-swarm 覚書
docker-machine, docker-compose, docker-swarm 覚書docker-machine, docker-compose, docker-swarm 覚書
docker-machine, docker-compose, docker-swarm 覚書じゅん なかざ
 
Lesson Learned from Using Docker Swarm at Pronto
Lesson Learned from Using Docker Swarm at ProntoLesson Learned from Using Docker Swarm at Pronto
Lesson Learned from Using Docker Swarm at ProntoKan Ouivirach, Ph.D.
 
Octo talk : docker multi-host networking
Octo talk : docker multi-host networking Octo talk : docker multi-host networking
Octo talk : docker multi-host networking Hervé Leclerc
 
Docker-OVS
Docker-OVSDocker-OVS
Docker-OVSsnrism
 
Docker 1.5
Docker 1.5Docker 1.5
Docker 1.5rajdeep
 
Aura Framework Overview
Aura Framework OverviewAura Framework Overview
Aura Framework Overviewrajdeep
 

Viewers also liked (20)

Multi host networking with docker
Multi host networking with dockerMulti host networking with docker
Multi host networking with docker
 
Docker Networking & Swarm Mode Introduction
Docker Networking & Swarm Mode IntroductionDocker Networking & Swarm Mode Introduction
Docker Networking & Swarm Mode Introduction
 
Docker Networking Deep Dive
Docker Networking Deep DiveDocker Networking Deep Dive
Docker Networking Deep Dive
 
Docker networking basics & coupling with Software Defined Networks
Docker networking basics & coupling with Software Defined NetworksDocker networking basics & coupling with Software Defined Networks
Docker networking basics & coupling with Software Defined Networks
 
Joomla Day Poland 15 - Docker
Joomla Day Poland 15 - DockerJoomla Day Poland 15 - Docker
Joomla Day Poland 15 - Docker
 
Docker Networking - Boulder Linux Users Group (BLUG)
Docker Networking - Boulder Linux Users Group (BLUG)Docker Networking - Boulder Linux Users Group (BLUG)
Docker Networking - Boulder Linux Users Group (BLUG)
 
Atlassian User Group Lower Silesia BUILDFAILUJE? PRZECIEŻ U MNIE DZIAŁAŁO
Atlassian User Group Lower Silesia BUILDFAILUJE? PRZECIEŻ U MNIE DZIAŁAŁOAtlassian User Group Lower Silesia BUILDFAILUJE? PRZECIEŻ U MNIE DZIAŁAŁO
Atlassian User Group Lower Silesia BUILDFAILUJE? PRZECIEŻ U MNIE DZIAŁAŁO
 
swarmmode-dojo
swarmmode-dojoswarmmode-dojo
swarmmode-dojo
 
Networking in Docker Containers
Networking in Docker ContainersNetworking in Docker Containers
Networking in Docker Containers
 
Docker meetup
Docker meetupDocker meetup
Docker meetup
 
Lessons learned in reaching multi-host container networking
Lessons learned in reaching multi-host container networkingLessons learned in reaching multi-host container networking
Lessons learned in reaching multi-host container networking
 
Single Host Docker Networking
Single Host Docker NetworkingSingle Host Docker Networking
Single Host Docker Networking
 
#eventcepcja Networking Izabela Górska (Business Link Warszawa)
#eventcepcja Networking Izabela Górska (Business Link Warszawa)#eventcepcja Networking Izabela Górska (Business Link Warszawa)
#eventcepcja Networking Izabela Górska (Business Link Warszawa)
 
docker-machine, docker-compose, docker-swarm 覚書
docker-machine, docker-compose, docker-swarm 覚書docker-machine, docker-compose, docker-swarm 覚書
docker-machine, docker-compose, docker-swarm 覚書
 
Lesson Learned from Using Docker Swarm at Pronto
Lesson Learned from Using Docker Swarm at ProntoLesson Learned from Using Docker Swarm at Pronto
Lesson Learned from Using Docker Swarm at Pronto
 
Docker Networking
Docker NetworkingDocker Networking
Docker Networking
 
Octo talk : docker multi-host networking
Octo talk : docker multi-host networking Octo talk : docker multi-host networking
Octo talk : docker multi-host networking
 
Docker-OVS
Docker-OVSDocker-OVS
Docker-OVS
 
Docker 1.5
Docker 1.5Docker 1.5
Docker 1.5
 
Aura Framework Overview
Aura Framework OverviewAura Framework Overview
Aura Framework Overview
 

Similar to Docker Multi Host Networking, Rachit Arora, IBM

Laravel, docker, kubernetes
Laravel, docker, kubernetesLaravel, docker, kubernetes
Laravel, docker, kubernetesPeter Mein
 
Dockerffm meetup 20150113_networking
Dockerffm meetup 20150113_networkingDockerffm meetup 20150113_networking
Dockerffm meetup 20150113_networkingAndreas Schmidt
 
Agile Brown Bag - Vagrant & Docker: Introduction
Agile Brown Bag - Vagrant & Docker: IntroductionAgile Brown Bag - Vagrant & Docker: Introduction
Agile Brown Bag - Vagrant & Docker: IntroductionAgile Partner S.A.
 
Managing multicast/igmp stream on Docker
Managing multicast/igmp stream on DockerManaging multicast/igmp stream on Docker
Managing multicast/igmp stream on DockerThierry Gayet
 
Dockerizing the Hard Services: Neutron and Nova
Dockerizing the Hard Services: Neutron and NovaDockerizing the Hard Services: Neutron and Nova
Dockerizing the Hard Services: Neutron and Novaclayton_oneill
 
Containerize! Between Docker and Jube.
Containerize! Between Docker and Jube.Containerize! Between Docker and Jube.
Containerize! Between Docker and Jube.Henryk Konsek
 
JDO 2019: Tips and Tricks from Docker Captain - Łukasz Lach
JDO 2019: Tips and Tricks from Docker Captain - Łukasz LachJDO 2019: Tips and Tricks from Docker Captain - Łukasz Lach
JDO 2019: Tips and Tricks from Docker Captain - Łukasz LachPROIDEA
 
Building a sdn solution for the deployment of web application stacks in docker
Building a sdn solution for the deployment of web application stacks in dockerBuilding a sdn solution for the deployment of web application stacks in docker
Building a sdn solution for the deployment of web application stacks in dockerJorge Juan Mendoza
 
BKK16-409 VOSY Switch Port to ARMv8 Platforms and ODP Integration
BKK16-409 VOSY Switch Port to ARMv8 Platforms and ODP IntegrationBKK16-409 VOSY Switch Port to ARMv8 Platforms and ODP Integration
BKK16-409 VOSY Switch Port to ARMv8 Platforms and ODP IntegrationLinaro
 
Accelerate your development with Docker
Accelerate your development with DockerAccelerate your development with Docker
Accelerate your development with DockerAndrey Hristov
 
Accelerate your software development with Docker
Accelerate your software development with DockerAccelerate your software development with Docker
Accelerate your software development with DockerAndrey Hristov
 
Killer Docker Workflows for Development
Killer Docker Workflows for DevelopmentKiller Docker Workflows for Development
Killer Docker Workflows for DevelopmentChris Tankersley
 
Docker - Demo on PHP Application deployment
Docker - Demo on PHP Application deployment Docker - Demo on PHP Application deployment
Docker - Demo on PHP Application deployment Arun prasath
 
codemotion-docker-2014
codemotion-docker-2014codemotion-docker-2014
codemotion-docker-2014Carlo Bonamico
 
Why everyone is excited about Docker (and you should too...) - Carlo Bonamic...
Why everyone is excited about Docker (and you should too...) -  Carlo Bonamic...Why everyone is excited about Docker (and you should too...) -  Carlo Bonamic...
Why everyone is excited about Docker (and you should too...) - Carlo Bonamic...Codemotion
 
Hands on introduction to docker security for docker newbies
Hands on introduction to docker security for docker newbiesHands on introduction to docker security for docker newbies
Hands on introduction to docker security for docker newbiesYigal Elefant
 
Best Practices for Running Kafka on Docker Containers
Best Practices for Running Kafka on Docker ContainersBest Practices for Running Kafka on Docker Containers
Best Practices for Running Kafka on Docker ContainersBlueData, Inc.
 
Introduction to Docker at the Azure Meet-up in New York
Introduction to Docker at the Azure Meet-up in New YorkIntroduction to Docker at the Azure Meet-up in New York
Introduction to Docker at the Azure Meet-up in New YorkJérôme Petazzoni
 

Similar to Docker Multi Host Networking, Rachit Arora, IBM (20)

Laravel, docker, kubernetes
Laravel, docker, kubernetesLaravel, docker, kubernetes
Laravel, docker, kubernetes
 
Dockerffm meetup 20150113_networking
Dockerffm meetup 20150113_networkingDockerffm meetup 20150113_networking
Dockerffm meetup 20150113_networking
 
Agile Brown Bag - Vagrant & Docker: Introduction
Agile Brown Bag - Vagrant & Docker: IntroductionAgile Brown Bag - Vagrant & Docker: Introduction
Agile Brown Bag - Vagrant & Docker: Introduction
 
Kubernetes
KubernetesKubernetes
Kubernetes
 
Managing multicast/igmp stream on Docker
Managing multicast/igmp stream on DockerManaging multicast/igmp stream on Docker
Managing multicast/igmp stream on Docker
 
Dockerizing the Hard Services: Neutron and Nova
Dockerizing the Hard Services: Neutron and NovaDockerizing the Hard Services: Neutron and Nova
Dockerizing the Hard Services: Neutron and Nova
 
Containerize! Between Docker and Jube.
Containerize! Between Docker and Jube.Containerize! Between Docker and Jube.
Containerize! Between Docker and Jube.
 
JDO 2019: Tips and Tricks from Docker Captain - Łukasz Lach
JDO 2019: Tips and Tricks from Docker Captain - Łukasz LachJDO 2019: Tips and Tricks from Docker Captain - Łukasz Lach
JDO 2019: Tips and Tricks from Docker Captain - Łukasz Lach
 
Building a sdn solution for the deployment of web application stacks in docker
Building a sdn solution for the deployment of web application stacks in dockerBuilding a sdn solution for the deployment of web application stacks in docker
Building a sdn solution for the deployment of web application stacks in docker
 
BKK16-409 VOSY Switch Port to ARMv8 Platforms and ODP Integration
BKK16-409 VOSY Switch Port to ARMv8 Platforms and ODP IntegrationBKK16-409 VOSY Switch Port to ARMv8 Platforms and ODP Integration
BKK16-409 VOSY Switch Port to ARMv8 Platforms and ODP Integration
 
Accelerate your development with Docker
Accelerate your development with DockerAccelerate your development with Docker
Accelerate your development with Docker
 
Accelerate your software development with Docker
Accelerate your software development with DockerAccelerate your software development with Docker
Accelerate your software development with Docker
 
Killer Docker Workflows for Development
Killer Docker Workflows for DevelopmentKiller Docker Workflows for Development
Killer Docker Workflows for Development
 
Docker - Demo on PHP Application deployment
Docker - Demo on PHP Application deployment Docker - Demo on PHP Application deployment
Docker - Demo on PHP Application deployment
 
codemotion-docker-2014
codemotion-docker-2014codemotion-docker-2014
codemotion-docker-2014
 
Why everyone is excited about Docker (and you should too...) - Carlo Bonamic...
Why everyone is excited about Docker (and you should too...) -  Carlo Bonamic...Why everyone is excited about Docker (and you should too...) -  Carlo Bonamic...
Why everyone is excited about Docker (and you should too...) - Carlo Bonamic...
 
Demystfying container-networking
Demystfying container-networkingDemystfying container-networking
Demystfying container-networking
 
Hands on introduction to docker security for docker newbies
Hands on introduction to docker security for docker newbiesHands on introduction to docker security for docker newbies
Hands on introduction to docker security for docker newbies
 
Best Practices for Running Kafka on Docker Containers
Best Practices for Running Kafka on Docker ContainersBest Practices for Running Kafka on Docker Containers
Best Practices for Running Kafka on Docker Containers
 
Introduction to Docker at the Azure Meet-up in New York
Introduction to Docker at the Azure Meet-up in New YorkIntroduction to Docker at the Azure Meet-up in New York
Introduction to Docker at the Azure Meet-up in New York
 

More from Neependra Khare

002 a solooverviewjul2020-ceposta
002 a solooverviewjul2020-ceposta002 a solooverviewjul2020-ceposta
002 a solooverviewjul2020-cepostaNeependra Khare
 
Service Discovery with Consul - Arunvel Arunachalam
Service Discovery with Consul  - Arunvel Arunachalam Service Discovery with Consul  - Arunvel Arunachalam
Service Discovery with Consul - Arunvel Arunachalam Neependra Khare
 
User authentication and authorizarion in Kubernetes
User authentication and authorizarion in KubernetesUser authentication and authorizarion in Kubernetes
User authentication and authorizarion in KubernetesNeependra Khare
 
Containarized Gluster Storage in Kubernetes
Containarized Gluster Storage in KubernetesContainarized Gluster Storage in Kubernetes
Containarized Gluster Storage in KubernetesNeependra Khare
 
Securing modern infrastructure
Securing modern infrastructureSecuring modern infrastructure
Securing modern infrastructureNeependra Khare
 
DevOps India Days' 17 Keynote
DevOps India Days' 17 KeynoteDevOps India Days' 17 Keynote
DevOps India Days' 17 KeynoteNeependra Khare
 
Docker Networking (Libnetwork) - Lakshman Kumar
Docker Networking (Libnetwork) - Lakshman KumarDocker Networking (Libnetwork) - Lakshman Kumar
Docker Networking (Libnetwork) - Lakshman KumarNeependra Khare
 
Performance characterization in large distributed file system with gluster fs
Performance characterization in large distributed file system with gluster fsPerformance characterization in large distributed file system with gluster fs
Performance characterization in large distributed file system with gluster fsNeependra Khare
 

More from Neependra Khare (10)

002 a solooverviewjul2020-ceposta
002 a solooverviewjul2020-ceposta002 a solooverviewjul2020-ceposta
002 a solooverviewjul2020-ceposta
 
Service Discovery with Consul - Arunvel Arunachalam
Service Discovery with Consul  - Arunvel Arunachalam Service Discovery with Consul  - Arunvel Arunachalam
Service Discovery with Consul - Arunvel Arunachalam
 
User authentication and authorizarion in Kubernetes
User authentication and authorizarion in KubernetesUser authentication and authorizarion in Kubernetes
User authentication and authorizarion in Kubernetes
 
Containarized Gluster Storage in Kubernetes
Containarized Gluster Storage in KubernetesContainarized Gluster Storage in Kubernetes
Containarized Gluster Storage in Kubernetes
 
Securing modern infrastructure
Securing modern infrastructureSecuring modern infrastructure
Securing modern infrastructure
 
DevOps India Days' 17 Keynote
DevOps India Days' 17 KeynoteDevOps India Days' 17 Keynote
DevOps India Days' 17 Keynote
 
CNCF Projects Overview
CNCF Projects OverviewCNCF Projects Overview
CNCF Projects Overview
 
Project Moby
Project MobyProject Moby
Project Moby
 
Docker Networking (Libnetwork) - Lakshman Kumar
Docker Networking (Libnetwork) - Lakshman KumarDocker Networking (Libnetwork) - Lakshman Kumar
Docker Networking (Libnetwork) - Lakshman Kumar
 
Performance characterization in large distributed file system with gluster fs
Performance characterization in large distributed file system with gluster fsPerformance characterization in large distributed file system with gluster fs
Performance characterization in large distributed file system with gluster fs
 

Recently uploaded

Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...itnewsafrica
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Nikki Chapple
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observabilityitnewsafrica
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024TopCSSGallery
 

Recently uploaded (20)

Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024
 

Docker Multi Host Networking, Rachit Arora, IBM

  • 1. Docker Multi Host Networking Rachit Arora , IBM BigInsights on Cloud
  • 2. Agenda  Docker networking – overview  Native Multi Host networking (Experimental)  Software defined networks SDNs  Multi Host networking options − OpenVSwtich − Weave − Flannel , SocketPlane Etc..
  • 3. Goals  Make "network" a first class object  Provide a Pluggable networking stack  Span networks across multiple hosts  Support multiple platforms
  • 4. libnetwork Updated Networking Stack in Docker Create Networks using the Docker CLI Multi-host Networking Services UI
  • 5.
  • 6.
  • 7.
  • 8.
  • 9. SDNs value proposal SDNs proposes network solutions embracing cloud paradigms  Massively multi-tenant  Thousands tenants, massively scalable  Easy & fast (de)provisioning  Infra as code, API centric  Infrastructure agnostic  L3, does not stick with lower levels (physical designs, vlans & co)  Decouple infrastructure & tenants lifecycles  Cross technology, vendor agnostic
  • 10.  Full-mesh, network agnostic and encapsulated approach  Relies on L3 networks and GRE, VXLAN… tunnels for inter-hosts communication (avoid using L2)  Network agnostic, til hosts can route trafic  SDN Routers must route traffic between an inner virtual net and the ext. world SDN Properties Host #3 Host #1 Host #2 SDN network #1 SDN network #1 SDN network #1 SDN network #1 SDN network #1 Router Physical net. Flow encapsulation L3 network
  • 11. OpenVSwtich  Open vSwitch is a production quality, multilayer virtual switch licensed under the open source Apache 2.0 license.  It is designed to enable massive network automation through programmatic extension, while still supporting standard management interfaces and protocols (e.g. NetFlow, sFlow, IPFIX, RSPAN, CLI, LACP, 802.1ag).  In addition, it is designed to support distribution across multiple physical servers similar to VMware's vNetwork distributed vswitch
  • 12. Host #1 Host #3Host #2 Getting Started Container ‘app’ Container ‘db’ Bridgedocker0 Container ‘app’ Container ‘db’ Bridgedocker0 Container ‘app’ Container ‘db’ Container ‘app’ Bridgedocker0 Container ‘app’ TCP ports of services running in containers are mapped  Get rid of actual Docker bridges implementation ! (Turn ICC False)  If not, all containers will talk together across a same host
  • 13. SetUp - OVS  Setup Dev Tools − yum -y groupinstall "Development Tools" − yum -y install wget openssl-devel − yum -y install wget openssl-devel gcc make python-devel openssl-devel kernel-devel graphviz kernel-debug- devel autoconf automake rpm-build redhat-rpm-config libtool  Set up Bridge Utils − yum -y install bridge-utils  Prepare OVS rpm − cd ~ − mkdir -p rpmbuild/SOURCES − wget http://openvswitch.org/releases/openvswitch-2.3.1.tar.gz − tar xvfz openvswitch-2.3.1.tar.gz − cd openvswitch-2.3.1/ − cp ../openvswitch-2.3.1.tar.gz ~/rpmbuild/SOURCES/ − sed 's/openvswitch-kmod, //g' openvswitch-2.3.1/rhel/openvswitch.spec > openvswitch- 2.3.1/rhel/openvswitch_no_kmod.spec − rpmbuild -bb --nocheck ~/openvswitch-2.3.1/rhel/openvswitch_no_kmod.spec  You can find the files in ~/rpmbuild/RPMS/x86_64/.  yum -y localinstall openvswitch-2.3.1-1.x86_64.rpm
  • 14.  Use OpenVSwitch to create bridges on each host, for each tenant’s subnet. For instance, on host #1: » ovs-vsctl add-br tech-br » ovs-vsctl add-port tech-br tep0 -- set interface tep0 type=internal » ifconfig tep0 192.168.1.1 netmask 255.255.255.0 » ovs-vsctl add-br sdn-br0 » ovs-vsctl set bridge sdn-br0 stp_enable=true Create SDN compliant bridges Host #1 sdn-br0 Host #3 sdn-br0 sdn-br1 Host #2 sdn-br0 sdn-br1 Simplified view. Detailed insight exposed in later slides Once per host: common plumbing For each bridge: create and protect against ethernet loops using Spanning Tree Protocol (beware, in complex/large deployments, it may consumes a lot of CPU!)
  • 15. Link SDN bridges Host #1 sdn-br0 Host #3 sdn-br0 sdn-br1 Host #2 sdn-br0 sdn-br1  Use OpenVSwitch to link corresponding bridges accross hosts  In this example, we decided to use the full-mesh approach. On host #1:  ovs-vsctl add-port sdn-br0 gre0 --set interface gre0 type=gre options:remote_ip:1.2.3.2  ovs-vsctl add-port sdn-br0 gre1 --set interface gre1 type=gre options:remote_ip:1.2.3.3 gre0 gre1 1.2.3.1 1.2.3.2 1.2.3.3 Simplified view. Detailed insight exposed in later slides
  • 16. U Start containers and map them to the bridges Host #1 sdn-br0 Host #3 sdn-br0 sdn-br1 Host #2 sdn-br0 sdn-br1 Container ‘app’ Container ‘db’ Container ‘app’ Container ‘db’ Container ‘app’ Container ‘app’ Container ‘db’ Container ‘app’ Container ‘db’  Instanciate containers without pre-built interfaces to avoid plugging containers to native docker0 bridge  Use “docker run … ip = ?? -net=none” switch in “docker run” calls
  • 17. Weave
  • 18. Weave  Weave can traverse firewalls and operate in partially connected networks.  Traffic can be encrypted, allowing hosts to be connected across an untrusted network.  With weave you can easily construct applications consisting of multiple containers, running anywhere.  Weave works alongside Docker's existing (single host) networking capabilities, so these can continue to be used by containers.
  • 19. Weave Installation Ensure you are running Linux (kernel 3.8 or later) and have Docker (version 1.3.1 or later) installed
  • 21. Performance Comparison – self test  Used qperf to test performance  Physical Host − tcp_bw: − bw = 117 MB/sec  OVS with gre tunnel (Default) − tcp_bw: − bw = 81.9 KB/sec  OVS with gre tunnel (ethtool -K ovsBridge tx off sg off tso off) ( technique for increasing outbound throughput of high-bandwidth network connections by reducing CPU overhead , not recommended for production) − tcp_bw: − bw = 104 MB/sec  Weave(Latest version) based on VXLAN (Older versions based on pcap had lower performance) − tcp_bw: − bw = 92.3 MB/sec
  • 22. Bonus: Alternate design - OpenStack Neutron paradigms  Alternate design, based on OpenStack Neutron paradigms  All VMs/containers of a same tenant network are segregated inside a dedicated, local VLAN of a shared unique bridge  Full-mesh of GRE tunnels between all hosts  On each host, local mapping between a local tenant network VLAN and its GRE identifier shared across all hosts